DETAILED ACTION

1. The amendment of 02 April 2008 has been noted and made of record.

2. Claims 10, 11, 14-17, 19, 20 and 23 have been presented for examination. 

3. Claims 1-9, 12, 13, 18, 21 and 22 have been cancelled as per Applicant's request. 

Response to Arguments 

4. Applicant's arguments filed 02 April 2008 have been fully considered but they are not 
persuasive. 

5. In response to applicant's argument that the examiner's conclusion of obviousness is 
based upon improper hindsight reasoning, it must be recognized that any judgment on 
obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning. But so 
long as it takes into account only knowledge which was within the level of ordinary skill at the 
time the claimed invention was made, and does not include knowledge gleaned only from the 
applicant's disclosure, such a reconstruction is proper. See In re McLaughlin, 443 F.2d 1392, 
170 USPQ 209 (CCPA 1971). 

6. Applicant's arguments regarding the prior art rejections amount to a general allegation 
that the claims define a patentable invention without specifically pointing out how the language 
of the claims patentably distinguishes them from the references. 

7. See further rejections set forth below. 

Claim Objections 

8. Claims 14 and 19 are objected to because they depend from cancelled claims.
Appropriate correction is required. 

Claim Rejections - 35 USC § 103

9. The text of those sections of Title 35, U.S. Code not included in this action can be found 
in a prior Office action. 

10. Claims 10, 11, 14, 15-17, 19, 20, and 23 are rejected under 35 U.S.C. 103(a) as being
unpatentable over U.S. Patent Application Publication No. 2003/0014662 A1 to Gupta et al,
hereinafter Gupta, in view of U.S. Patent No. 7,237,258 B1 to Pantuso et al, hereinafter Pantuso.

11. As per claim 10, Gupta teaches a method for securing logical access to information 
and/or computing resources in a group of computer equipment with minimum access delay, said 
group of computer equipment exchanging data with a computer telecommunication network via 
an access device comprising an operating system, and said data comprising transported data that 
conform to a protocol of at least one application having a plurality of capabilities, as well as 
transport data, said method comprising the steps of: 

defining a finite-state machine for each application protocol (Figures 2 [element 66], 5 
[block 66], 9 [block 64], paragraphs 0086, 0089, 0091, i.e. state machine for application layer 
protocols); 

modeling each finite-state machine in the form of a model (Figures 2 [element 67], 7, 10, 
paragraphs 0107, 0109-0110); 

generating from each model (Figures 2 [element 67], 7, 10, paragraphs 0107, 0109-0110),
an analysis module for each application protocol using of an interpreter (Figures 9 [blocks 63, 
64], 12 [Fixed-field detector, Protocol Parsing State Machine], paragraphs 0089, 0091, 0092, i.e. 
protocol parser specifies the parsing of application layer protocols); and 

filtering (Figure 9 [blocks 54, 55], 12 [Attack Detector, Response Module], paragraph
0104, i.e. protocol parser detects SSIDs and passes them to the attack detector) the transported 
data in said operating system by means of said analysis modules (Figures 9 [blocks 63, 64], 12 
[Fixed-field detector, Protocol Parsing State Machine], paragraphs 0089, 0091, 0092, i.e. 
protocol parser specifies the parsing of application layer protocols). 

12. Gupta does not teach selectively restricting the capabilities of one or more application 
protocols using said analysis modules. 

13. Pantuso teaches the firewall restricting predetermined application level protocols, such as 
e-mail and FTP applications (column 5, lines 44-54). 

14. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to selectively restrict the capabilities offered by an application protocol by using said
analysis modules, since Pantuso states at column 2, lines 47-57 that restricting the capabilities 
offered by application protocols provides a more secure environment for management purposes 
by granting more access to trusted applications. 

15. Regarding claim 11, Gupta teaches the step of verifying the conformity of said 
transported data with the application protocols involved using said analysis modules (paragraphs 
0083, 0085, 0093, 0103-0104, i.e. checking data locations, examining fields in the packet header 
and fixed locations within the packet payload). 

16. Concerning claims 14 and 19, Gupta teaches the step of parameterizing said analysis 
modules in accordance with predetermined restrictions (paragraphs 0094, i.e. tokens). 

17. Pantuso discloses a user configuring a firewall or filtering component (column 1, line 59
to column 2, line 5). 

18. As per claim 15, Gupta teaches an access device for securing logical access to 
information and/or computing resources in a group of computer equipment with minimum access 
delay, said group of computer equipment exchanging data with a computer telecommunication 
network via said access device, and said data comprising transported data that conform to at least 
one application having a plurality of capabilities, as well as transport data, said access device 
comprising: 

an operating system (Figures 4A [Linux System], 16 [Windows, Solaris], paragraph
0162) that includes an appropriate analysis module for each application protocol (Figures 9 
[blocks 63, 64], 12 [Fixed-field detector, Protocol Parsing State Machine], paragraphs 0089, 
0091, 0092, i.e. protocol parser specifies the parsing of application layer protocols); 
a filtering module for filtering (Figure 9 [blocks 54, 55], 12 [Attack Detector, Response 
Module]) said transported data in said operating system using said analysis modules (paragraph 
0104, i.e. protocol parser detects SSIDs and passes them to the attack detector). 

19. Gupta does not teach an information processing module for selectively restricting the 
capabilities of one or more application protocol using said analysis module. 

20. Pantuso teaches the firewall restricting predetermined application level protocols, such as 
e-mail and FTP applications (column 5, lines 44-54). 

21. It would have been obvious to one of ordinary skill in the art at the time the invention
was made to include an information processing module for selectively restricting the capabilities 
of one or more application protocol using said analysis module, since Pantuso states at column 2,
lines 47-57 that restricting the capabilities offered by application protocols provides a more 
secure environment for management purposes by granting more access to trusted applications. 

22. Regarding claim 16, Gupta teaches wherein each analysis module (Figures 9 [blocks 63, 
64], 12 [Fixed-field detector, Protocol Parsing State Machine]) implements a finite-state machine 
representing a given application protocol (paragraphs 0089, 0091, i.e. protocol parser is 
implemented using a state machine to parse application layer protocols). 

23. Regarding claim 17, Gupta teaches wherein said analysis modules (Figure 9 [blocks 63, 
64]) comprises a first information processing module for verifying the conformity of said 
transported data with said application protocols involved (paragraphs 0083, 0085, 0093, 0103-0104,
i.e. checking data locations, examining fields in the packet header and fixed locations
within the packet payload). 

24. With regards to claim 20, Gupta teaches wherein said analysis modules (Figure 9 [blocks 
63, 64]) comprises a first information processing module for verifying the conformity of said 
transported data with said application protocols involved (paragraphs 0083, 0085, 0093, 0103-0104,
i.e. checking data locations, examining fields in the packet header and fixed locations
within the packet payload). 

25. Regarding claim 23, Gupta teaches wherein the step of modeling each finite-state
machine in the form of a model utilizes a state transition matrix (Figure 7, paragraphs 0093, i.e. 
state transition table). 

Conclusion 

26. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

27. A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

28. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christian LaForgia whose telephone number is (571)272-3792. 
The examiner can normally be reached on Monday thru Thursday 7-5. 

29. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kristine L. Kincaid can be reached on (571) 272-4063. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

30. Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Christian LaForgia/ 

Primary Examiner, Art Unit 2139 